Following the first enforcement actions by local authorities in Shantou and Chongqing for violations of the new Network Security Law that came into effect this year, authorities in China have recently shown a clear initial focus with several new cases targeting provisions of the law that require monitoring of platform content. As of the start of October 2017, enforcement actions by authorities in China have targeted platform content violations in nearly 70 percent of all actions under the new provisions of the data protection rules.
Today, China’s much anticipated Network Security Law comes into effect after two years of review, revisions over three drafts and a public commenting process. The law is a historical development for China’s legislative coverage of information security and data protections. It also represents one of the strictest approaches in any jurisdiction worldwide, and a continuation of a broader effort at demonstrating the government’s cyber-sovereignty goals through control and regulation of data and the internet.
Overview of the Network Security Law
Commonly referred to as the “Cybersecurity Law,” the new piece of legislation has a broad scope and covers a range of issues related to data privacy, security and cross-border transfers, including:
Increasing security measures and strengthening data security through a variety of specific obligations
Ensuring consent for collection of personal information through the principles of legality, proper justification and necessity
Screening equipment and products for security testing and certification
Ensuring real-name registration for users
Strengthening requirements to cooperate with government agencies during criminal investigations or to protect national security
Requiring personal information to be stored in China under some circumstances
Increasing confidentiality measures for user information
Setting up a complaint and reporting platform for network security